Social Engineering

Identify weaknesses in your employees' security knowledge. Start building your cyber security resilience today.

What is Social Engineering?

Social engineering is the psychological manipulation of targeted individuals into performing actions or providing confidential information. Attackers target users within an organization to access sensitive information that should not be shared publicly.
Social engineering is not limited to its best-known type, email-based phishing. It is always evolving and encompasses any psychological manipulation of individuals that leads to the attacker's goal.
Examples of social engineering are:

Phone Phishing

Attackers call targets and try to manipulate them via a phone conversation. These attackers tend to have a high success rate, as the targets have little time to think during a live conversation.

SMS-based Phishing

SMS messages are used to manipulate targets into taking actions against their best interest. Attackers can impersonate companies and try to steal credentials or money, obtain sensitive information, etc.

Physical intrusion

Attackers will try to gain physical access to the building to achieve their goal. Attackers use a variety of techniques to get employees to act against their best wishes. This can range from dressing as a delivery person or impersonating a new employee to testing both the employees and the location's physical security safeguards.

Email based Phishing

Email-based phishing can range from mass emails sent to employees to highly targeted phishing emails custom-made for a specific individual (spear phishing). Attackers have all the time they need to research the targeted company and its employees, and they can use this research to increase the likelihood that the targets will fall for their phishing emails.

How We Do It?

We make your security project stress-free and leave you in full control.

01

Reconnaissance

After scoping is defined and parameters set, our consultants start with general reconnaissance and attack surface mapping.

  • Assess public exposure of company and staff (social media, data dumps, other public sources)
  • Identify software used such as online services (data leakage through publications, analysis of DNS records)
  • In-depth OSINT research

02

Planning

After conducting our initial research, our consultants establish the best plan of attack, for example:

  • Phone Phishing
  • SMS phishing with Email support
  • Physical Intrusion, etc.

After we have planned our approach, our team crafts the contents of the campaign specific to our targets.

03

Preparation

This is different for each social engineering engagement, as our consultants decide the best approach to target the organization within the scope and rules set by the client. To list some examples of preparation:

  • Register typo domains of the targeted organization
  • Set up fake email accounts of senior staff members
  • Clone login pages to steal credentials
  • Apply for a job at the targeted company

04

Attack & Reporting

In this phase our consultants launch the attack on the targeted company. This could range from:

  • Mass phishing emails
  • Highly targeted phishing emails to senior staff
  • Mass SMS alerts to staff members
  • Performing an onsite engagement

During this phase, employees who become aware of a threat can get concerned. This is why we always have the right safeguards in place and stay in communication with our appointed staff member(s).
After the attack is performed, our consultants provide a full report with recommendations. Finally, we offer multiple aftercare options to ensure your organization is ready for real threats.

    Our Pricing

    Standard Package

    3500
    • 30 Targets
    • Tailored Emails
    • 2 Attack vectors
    • Discount on follow up phone phishing
    • Full report & after attack support
    • Emails Spread over multiple campaigns
    • Phone & SMS Phishing included

    Premium Package

    5000
    • 75 Targets
    • Tailored Emails and SMSes
    • 3 Attack vectors
    • Emails spread over multiple campaigns
    • Phone Phishing Included
    • Full report & after attack support
    • Continuous attacks over 5 working days

    Premium Plus

    8500
    • 120 Targets
    • Tailored Emails and SMSes
    • 4 Attack vectors
    • Emails spread over multiple campaigns
    • Phone Phishing Included
    • Continuous attacks over 5 working days
    • Full report & after attack support

    Book a Free Consultation Now

    Get the right advice from the start, or tell us what you are looking for. Book a free consultation below.